While iSeries administrators last week watched as thousands of Windows administrators fended off the Mydoom worm, at least one antivirus vendor says there are reports of the virus being detected on the iSeries.
According to Reno, Nev.-based Bytware Inc., which makes virus-detection software for the iSeries, the Mydoom-B variant is affecting iSeries shops. The worm can enter through the Integrated File System (IFS) or the Simple Mail Transfer Protocol (SMTP) and reside in PC files stored on the iSeries. OS/400 cannot execute the virus or replicate it other than through the SMTP server.
"We have talked to several customers who say they have detected the virus on their iSeries," said Bytware spokesman Christopher Jones. However, he said, customers were reluctant to give their names because of the sensitivity of the situation.
But iSeries security expert Carol Woodbury said that while, in theory, the iSeries could be infected, it's highly improbable. "The stars have got to be aligned properly for it to happen and, generally, that's not the case," she said.
According to a report from SearchSecurity.com, Mydoom-B is particularly damaging because, like its predecessor, Mydoom-A -- which is already being labeled the most prolific worm of all time by some experts -- it opens several ports that could enable remote access by an attacker, and it contains denial-of-service capabilities. Mydoom-B also tweaks infected systems so they cannot access antivirus and security Web sites, making it difficult for users of infected machines to download signature files or cleanup tools.
Woodbury said the IFS can create security problems for the iSeries, but this isn't news. "Viruses have been stored in documents and folders for a very long time," she said. "It's just that viruses are becoming more intrusive, so you hear more about it."
In fact, there were numerous iSeries shops that reported being hit with the Sobig-F worm this summer.
"I heard iSeries customers ... were hit by that -- and much of that was fending off the attack," she said. "I haven't heard [of] any yet that have been hit with Mydoom -- not yet, anyway."
iSeries programmer and consultant John Brandt said he hasn't "heard a peep" in any of the chat rooms or discussion forums of anyone running an iSeries who has been infected.
"It's nice to be immune," he said.
Still, Woodbury recommends that administrators apply the same virus-prevention procedures to their iSeries systems that they apply to their other platforms as a general security best practice.
"You're immune," she said, "but you're only as good as your last update. Anytime I opened my mail this week, I've been glad I have my Norton antivirus."
She added that this type of attack underscores the fact that iSeries users need to keep antivirus signatures up to date, no matter where they reside -- on the PC or the IFS. "Too many PC users get it but then don't upgrade," she said. "It's critical that it's kept up to date."